Naxsi, a Web Application Firewall for Nginx

Instead of relying on a database of attack signatures (negative model - most common approach), naxsi relies on a way smaller set of "Uncommon" or "Dangerous" patterns, and will use those to decide if a request is malevolent or legitimate.